Hey guys!

Im working on a login form that connects to an SQL 2008 database. i have created records in the table for users who can login. i however want a code snippet that matches the username and password entered with the records in the database. i have a rough idea about it but

this is what i have:

conn - the connection string to the database
usercmd - object for executing sql commands
userstring - the sql string object

Private Sub OK_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles OK.Click
        Dim count As Integer


            If conn.State = ConnectionState.Closed Then
                userstring = "Select * from Hotel.dbo.Users where UserName = '" & UsernameTextBox.Text & "' and Password = '" & PasswordTextBox.Text & "'"
                usercmd = New SqlCommand(userstring, conn)
                count = usercmd.ExecuteScalar

                If count > 0 Then
                    MsgBox("records exist")
                    'load main form of application

                    MsgBox("no records found")
                   're-enter login username and password

                End If


            End If

        Catch ex As Exception
            Throw ex

        End Try

    End Sub

Some input on how i can correct this and get it working

chris, first you need to make a connection to sql server and then you can access the particular dbase and rable from which you want to perform user verification as in my codes below

Private Sub btnOk_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnOk.Click


            'variable to hold connectionstring 
            Dim objconnection As SqlConnection = New  _
                 SqlConnection("Server=localhost;Database=MSS;" & _
                    "user ID = sa; password = clement;")

            objconnection.Open() 'open connection to server 

            'this is the SQL select statement query that is performed
            ' to read the username and password from server 
            Dim SelectStmt As String = "SELECT * FROM Login WHERE User_Name ='" + txtUsername.Text + "' and " + _
                                "Password ='" + txtPassword.Text + "'"

            Dim objcommand As SqlCommand = New SqlCommand(SelectStmt, objconnection)
            Dim reader As SqlDataReader = objcommand.ExecuteReader

            If reader.Read Then



                'integer variable to count the number of times
                'the user has tried loggin in
                Static count As Integer = 0

                'display promt 
                Dim prompt As DialogResult = _
                MessageBox.Show("Invalid Username or Password!", "Login Error", _
                MessageBoxButtons.RetryCancel, MessageBoxIcon.Warning)

                Select Case prompt

                    Case Windows.Forms.DialogResult.Retry
                        'keep login displayed for another trial 
                        txtUsername.Text = ""
                        txtPassword.Text = ""

                        count += 1 'increment counter by one 
                        If count = 3 Then
                            MessageBox.Show("High value of failed login attempts" & vbCrLf & _
                                           "Application will be terminated" & _
                                        " for security reasons", "Error", MessageBoxButtons.OK, _
                            End 'terminate application
                        End If

                    Case Windows.Forms.DialogResult.Cancel
                        Application.Exit()  'terminate application

                End Select

            End If
        Catch ex As Exception

        End Try
    End Sub
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, learning, and sharing knowledge.